{"id":3859,"date":"2014-01-30T02:01:48","date_gmt":"2014-01-29T17:01:48","guid":{"rendered":"http:\/\/www.vincentina.net\/?p=3859"},"modified":"2020-02-23T18:57:10","modified_gmt":"2020-02-23T09:57:10","slug":"dos%e3%81%93%e3%81%84%e3%83%a1%e3%83%bc%e3%83%ab%e3%81%a0%e3%82%88%ef%bc%81%e3%83%81%e3%82%a7%e3%82%b1%e3%83%a9","status":"publish","type":"post","link":"https:\/\/www.vincentina.net\/?p=3859","title":{"rendered":"DoS\u3053\u3044\u30e1\u30fc\u30eb\u3060\u3088\uff01\u30c1\u30a7\u30b1\u30e9"},"content":{"rendered":"

\u3072\u3055\u3073\u3055\u306bZABBIX\u304b\u3089\u30e1\u30fc\u30eb\u304c\u6765\u305f\u30fc\uff01\uff01<\/p>\n

Trigger: Processor load is too high on vincentina \r\nTrigger status: PROBLEM\r\nTrigger severity: Warning\r\nTrigger URL:\r\nItem values:\r\n1. Processor load (1 min average per core)\r\n (vincentina:system.cpu.load[percpu,avg1]): 5.17\u3000\u3000\u3000\u300019:35 (5\u6642\u9593\u524d)<\/pre>\n
Trigger: Processor load is too high on vincentina\r\nTrigger status: OK\r\nTrigger severity: Warning\r\nTrigger URL:\r\nItem values: \r\n1. Processor load (1 min average per core)\r\n (vincentina:system.cpu.load[percpu,avg1]): 2.865\u3000\u3000\u3000\u300019:44 (5\u6642\u9593\u524d)<\/pre>\n
\n
\u5927\u3057\u305f\u3053\u3068\u306d\u30fc\u306a\u30fc<\/span>\u3063\u3068\u601d\u3063\u3066\u305f\u3089\u304a\u624b\u88fd\u306eLA\u9ad8\u691c\u77e5\u30b9\u30af\u30ea\u30d7\u30c8\u304b\u3089\u306e\u30e1\u30fc\u30eb\u3082\u6765\u305f\u30fc\uff01<\/p>\n
Load average 8\u3000\u3000\u3000\u3000\u300019:36 (5\u6642\u9593\u524d)\r\nLoad average 16\u3000\u3000\u3000\u300019:37 (5\u6642\u9593\u524d)\r\nLoad average 17\u3000 \u00a0\u00a0\u00a0\u00a0 19:38 (5\u6642\u9593\u524d)\r\nLoad average 16\u3000 \u00a0\u00a0\u00a0\u00a0 19:39 (5\u6642\u9593\u524d)\r\nLoad average 18\u3000 \u00a0\u00a0\u00a0\u00a0 19:40 (5\u6642\u9593\u524d)\r\nLoad average 19\u3000\u3000\u3000\u00a0 19:41 (5\u6642\u9593\u524d)\r\nLoad average 19\u3000\u3000 \u00a0\u00a0\u00a0\u00a0 19:42 (5\u6642\u9593\u524d)\r\nLoad average 20\u3000\u3000 \u00a0\u00a0\u00a0\u00a0 19:43 (5\u6642\u9593\u524d)\r\nLoad average 18\u3000\u3000 \u00a0\u00a0\u00a0\u00a0 19:44 (5\u6642\u9593\u524d)\r\nLoad average 7\u3000\u3000\u3000\u3000\u300019:45 (5\u6642\u9593\u524d)\r\nLoad average 2\u3000\u3000\u3000\u3000\u300019:45 (5\u6642\u9593\u524d)<\/pre>\n
Zabbix\u304b\u3089\u306e\u30e1\u30fc\u30eb\u306f\u3061\u3087\u3046\u3069\u5c71\u306e\u767b\u308a\u53e3\u3068\u964d\u308a\u53e3\u306e\u3068\u3053\u308d\u3089\u3057\u3044(\u7b11)
\n\u30ed\u30b0\u3092\u898b\u305f\u3089\u3001\u306a\u304b\u306a\u304b\u3044\u3044\u611f\u3058\u306bDoS\u3089\u308c\u3066\u3044\u305f\u307f\u305f\u3044\u306a\u3093\u3060\u304c<\/span>\u3001mod_dosdetector\u304c\u3046\u307e\u304f\u52d5\u3044\u3066\u306a\u304b\u3063\u305f\u3088\u3046\u3060\u306d\u3002<\/p>\n
198.1.153.12 - - [29\/Jan\/2014:19:37:33 +0900] \"GET \/register.php HTTP\/1.1\" 404 612 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:33 +0900] \"GET \/ HTTP\/1.1\" 503 585 \"-\" \"Mozilla\/5.0 (Windows NT 5.1; rv:25.0) Gecko\/20100101 Firefox\/25.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:33 +0900] \"GET \/ HTTP\/1.1\" 503 585 \"-\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:33 +0900] \"GET \/register HTTP\/1.1\" 503 585 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:29 +0900] \"GET \/ HTTP\/1.1\" 200 13710 \"-\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:34 +0900] \"GET \/tools\/quicklogin.one HTTP\/1.1\" 503 586 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:34 +0900] \"GET \/index.php?register HTTP\/1.1\" 503 586 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:34 +0900] \"GET \/login.php HTTP\/1.1\" 503 586 \"-\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:34 +0900] \"GET \/login.php HTTP\/1.1\" 503 586 \"-\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:36 +0900] \"GET \/member.php?mod=logging&action=login HTTP\/1.1\" 404 612 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n--\r\n198.1.153.12 - - [29\/Jan\/2014:19:37:54 +0900] \"GET \/index.php HTTP\/1.1\" 301 20 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:38:00 +0900] \"GET \/logging.php?action=login HTTP\/1.1\" 503 584 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:38:00 +0900] \"GET \/register.php HTTP\/1.1\" 503 584 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:38:00 +0900] \"GET \/tools\/quicklogin.one HTTP\/1.1\" 503 584 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:38:00 +0900] \"GET \/index.php?register HTTP\/1.1\" 503 584 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"\r\n198.1.153.12 - - [29\/Jan\/2014:19:38:01 +0900] \"GET \/signup\/ HTTP\/1.1\" 404 612 \"http:\/\/www.vincentina.net\/\" \"Mozilla\/5.0 (Windows NT 5.1; rv:11.0) Gecko\/20100101 Firefox\/11.0\"<\/pre>\n
mod_dosdector\u306e\u95be\u5024\u306e\u898b\u76f4\u3057\u3068\u304b\u3092\u3057\u3066apache\u518d\u8d77\u52d5\u3057\u3066\u304a\u3044\u305f\u3002<\/p>\n
\u307b\u307c\u30c7\u30d5\u30a9\u8a2d\u5b9a\u306a\u306e\u3067\u30015\u79d2\u7f6e\u304d\u306b\u76e3\u8996\u3057\u3066rewrite\u3067\u3068\u3070\u3059\u3068\u3044\u3046\u8a2d\u5b9a\u306a\u306e\u3060\u3051\u3069\u30015\u79d2\u7f6e\u304d\u306e\u30ed\u30b0\u3092\u3068\u3063\u3066\u307f\u308b\u3068\u3001\u4e0a\u624b\u3044\u5177\u5408\u306b\u56de\u907f\u3055\u308c\u3066\u305f\u306e\u304b\u3082\u3057\u308c\u3093\u3002<\/p>\n
\u3063\u3066\u3053\u3068\u3067\u8a2d\u5b9a\u5909\u66f4\u3060\u30fc\u3002
\n\u3053\u306e\u7a0b\u5ea6\u3067\u306fDoS\u3068\u306f\u8a00\u308f\u306a\u3044\u306e\u304b\u3082\u3057\u308c\u3093\u306a\u3002<\/p>\n
\u3053\u306e2\u5e74\u9593\u3067\u3082\u5358\u4e00\u306eIP\u30a2\u30c9\u30ec\u30b9\u306e\u30a2\u30af\u30bb\u30b9\u904e\u591a\u306f\u3042\u3063\u305f\u3051\u3069\u3001DDoS\u3068\u8a00\u308f\u308c\u308b\u3088\u3046\u306a\u653b\u6483\u306f\u3044\u307e\u3060\u306b\u4e00\u5ea6\u3082\u306a\u3044\u3057\u3002<\/p>\n
[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:35:$a | wc -l ; a=$(($a+5)) ; done\r\n3\r\n4\r\n1\r\n3\r\n2\r\n0\r\n4\r\n4\r\n0\r\n2\r\n0\r\n[root@takechan takeken]#\r\n[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:36:$a | wc -l ; a=$(($a+5)) ; done\r\n4\r\n3\r\n4\r\n0\r\n6\r\n2\r\n5\r\n4\r\n5\r\n3\r\n0\r\n[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:37:$a | wc -l ; a=$(($a+5)) ; done\r\n6\r\n8\r\n3\r\n4\r\n1\r\n3\r\n7\r\n2\r\n10\r\n4\r\n0\r\n[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:38:$a | wc -l ; a=$(($a+5)) ; done\r\n5\r\n5\r\n2\r\n8\r\n5\r\n7\r\n7\r\n0\r\n0\r\n1\r\n0\r\n[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:39:$a | wc -l ; a=$(($a+5)) ; done\r\n3\r\n0\r\n2\r\n3\r\n3\r\n2\r\n1\r\n2\r\n3\r\n0\r\n0\r\n[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:40:$a | wc -l ; a=$(($a+5)) ; done\r\n2\r\n1\r\n2\r\n5\r\n3\r\n0\r\n2\r\n1\r\n2\r\n4\r\n0\r\n[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:41:$a | wc -l ; a=$(($a+5)) ; done\r\n3\r\n2\r\n4\r\n6\r\n0\r\n5\r\n2\r\n2\r\n0\r\n4\r\n0\r\n[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:42:$a | wc -l ; a=$(($a+5)) ; done\r\n4\r\n4\r\n3\r\n2\r\n2\r\n1\r\n2\r\n1\r\n6\r\n2\r\n0\r\n[root@takechan takeken]# a=10 ; while [ $a -le \"60\" ] ; do grep 198.1.153.12 \/var\/log\/httpd\/access_log | grep 2014:19:43:$a | wc -l ; a=$(($a+5)) ; done\r\n0\r\n0\r\n0\r\n0\r\n0\r\n0\r\n0\r\n0\r\n0\r\n0\r\n0<\/pre>\n
\u95be\u5024\u306e\u8a2d\u5b9a\u3063\u3066\u306e\u306f\u3001\u306a\u304b\u306a\u304b\u96e3\u3057\u3044\u3082\u306e\u306a\u306e\u3060\u306a\u3042\u3002<\/p>\n
 <\/p>\n<\/div>\n
        
Tweet<\/a><\/div><\/div>\n
\n","protected":false},"excerpt":{"rendered":"
\u3072\u3055\u3073\u3055\u306bZABBIX\u304b\u3089\u30e1\u30fc\u30eb\u304c\u6765\u305f\u30fc\uff01\uff01 Trigger: Processor load is too high on vincentina Trigger status: PROBLEM Trigger sever … “DoS\u3053\u3044\u30e1\u30fc\u30eb\u3060\u3088\uff01\u30c1\u30a7\u30b1\u30e9” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-3859","post","type-post","status-publish","format-standard","hentry","category-server"],"_links":{"self":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/3859","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3859"}],"version-history":[{"count":0,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/3859\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3859"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3859"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}